Dear wioxjk,
1)
Observation:
Most GNU/Linux distros use the package rsyslogd as the system logging service.
Check for /etc/rsyslog.conf
2)
Observation:
By default, dnsmasq sends its log lines to the system log service,
unless commanded otherwise.
The default dnsmasq configuration has log-facility=DAEMON
(Read the dnsmasq manpages)
The original Pi-hole developer decided to override the default with log-facility=[A-FILE-NAME]
3)
Possible HowTo:
Make /etc/dnsmasq.d/99-pihole-log-facility.conf containing:
log-facility=DAEMON
to over-override Pi-hole's configuration.
No need to tamper with /etc/dnsmasq.d/01-pihole.log
since it does NOT "belong" to you.
Just "comment" the "log-facility=" statement there.
4)
Possible HowTo:
Make /etc/rsyslog.d/11-dnsmasq-pihole-log.conf containing something like the following:
##########################################################################
# #
# This file is : /etc/rsyslog.d/11-dnsmasq-pihole-log.conf #
# #
# Debian based distros : #
# #
# /etc/rsyslog.conf contains : #
# #
# $IncludeConfig /etc/rsyslog.d/*.conf #
# #
# Caution : #
# rsyslog includes all the files, #
# and then evaluates the resulting config #
# #
# Warning : #
# rsyslog inserts the HOSTNAME in the new log line, #
# between the log date and the log programname #
# #
##########################################################################
#
#
##########################################################################
# #
# rsyslogd filter file #
# #
##########################################################################
#
#
#------------------------------------------------------------------------#
# Filter A : Send ALL dnsmasq loglines to a log destination. #
# For remote : adapt and UN-comment the remote destination. #
#------------------------------------------------------------------------#
#
if ( $programname == "dnsmasq" )
then {
/var/log/pihole/dnsmasq.pihole.full.log
# @myremotelogmachinedomainnameORmyremotelogmachineIPaddress (UDP)
# @@myremotelogmachinedomainnameORmyremotelogmachineIPaddress (TCP)
#
#
#
#------------------------------------------------------------------------#
# Filter B : Send ONLY the DNS queries to a log destination: #
# For remote : adapt and UN-comment the remote destination. #
#------------------------------------------------------------------------#
#
if ( $msg contains "query[A" )
then {
/var/log/pihole/dnsmasq.pihole.query.log
# @myremotelogmachinedomainnameORmyremotelogmachineIPaddress (UDP)
# @@myremotelogmachinedomainnameORmyremotelogmachineIPaddress (TCP)
# For the count of the DNS queries = Use :
# wc -l /var/log/pihole/dnsmasq.pihole.query.log
}
#
#
#
#------------------------------------------------------------------------#
# Filter C : Send ONLY the BLOCKED domains to a log destination. #
# Variation (1) : test the presence of "gravity.list". #
# For remote : adapt and UN-comment the remote destination. #
#------------------------------------------------------------------------#
#
if ( $msg contains "/etc/pihole/gravity.list" )
then {
/var/log/pihole/dnsmasq.pihole.blocked.log
# @myremotelogmachinedomainnameORmyremotelogmachineIPaddress (UDP)
# @@myremotelogmachinedomainnameORmyremotelogmachineIPaddress (TCP)
# For the count of the blocked domains = Use :
# wc -l /var/log/pihole/dnsmasq.pihole.blocked.log
}
#
#
#
#------------------------------------------------------------------------#
# Filter D : Send DNS queries and BLOCKED domains to a log destination. #
# Variation (2) : test the pihole IP address. #
# This captures the wildcard domain names also. #
# For remote : adapt and UN-comment the remote destination. #
#------------------------------------------------------------------------#
#
if ( $msg contains "query[A" or $msg contains "is 10.2.1.47" )
then {
/var/log/pihole/pihole.log
# @myremotelogmachinedomainnameORmyremotelogmachineIPaddress (UDP)
# @@myremotelogmachinedomainnameORmyremotelogmachineIPaddress (TCP)
}
#
#------------------------------------------------------------------------#
# End of Filters B C D #
#------------------------------------------------------------------------#
#
#
#
#------------------------------------------------------------------------#
# Since we have the dnsmasq loglines in our logs now : #
# Do NOT log the dnsmasq loglines in the system log. #
#------------------------------------------------------------------------#
#
stop
}
#
#------------------------------------------------------------------------#
# End of Filter A #
#------------------------------------------------------------------------#
#
#
#
##########################################################################
# #
##########################################################################
Your preferences may vary.
Note to the pi-hole developers: these filters work faster than faster than light
Grtz, F.C.
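
A dry run of the routing that filters A to D perform, over a few constructed dnsmasq log lines, useful for checking what each destination file will and will not capture before relying on it. This is an added example, not part of F.C.'s post; the function names, the sample lines and the assumed syslog line layout are illustrative assumptions, while the match strings and file paths are the ones from the filter file above.

```python
import re
from collections import Counter

# Destinations copied from the filter file in the post.
FULL = "/var/log/pihole/dnsmasq.pihole.full.log"
QUERY = "/var/log/pihole/dnsmasq.pihole.query.log"
BLOCKED = "/var/log/pihole/dnsmasq.pihole.blocked.log"
COMBINED = "/var/log/pihole/pihole.log"
SYSTEM = "system log"  # placeholder for the rules that follow in rsyslog.conf

# Assumed line layout: "<date> <HOSTNAME> <programname>[pid]:<msg>"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>[^\[:\s]+)(?:\[\d+\])?:(?P<msg>.*)$"
)

def route(line):
    """Return the destinations filters A-D would write this line to."""
    m = LINE_RE.match(line)
    if m is None or m.group("prog") != "dnsmasq":
        return [SYSTEM]                      # Filter A does not match
    msg = m.group("msg")
    dests = [FULL]                           # Filter A
    if "query[A" in msg:                     # Filter B (A, AAAA and ANY all match)
        dests.append(QUERY)
    if "/etc/pihole/gravity.list" in msg:    # Filter C
        dests.append(BLOCKED)
    if "query[A" in msg or "is 10.2.1.47" in msg:   # Filter D
        dests.append(COMBINED)
    return dests                             # "stop": nothing reaches SYSTEM

def tally(lines):
    """Lines per destination, the figure `wc -l` would report for each file."""
    return Counter(dest for line in lines for dest in route(line))

# Constructed sample lines (not captured from a real Pi-hole).
SAMPLES = [
    "Mar  1 12:00:01 pihole dnsmasq[1234]: query[A] example.com from 192.168.1.10",
    "Mar  1 12:00:01 pihole dnsmasq[1234]: query[AAAA] example.com from 192.168.1.10",
    "Mar  1 12:00:02 pihole dnsmasq[1234]: query[PTR] 10.1.168.192.in-addr.arpa from 192.168.1.10",
    "Mar  1 12:00:03 pihole dnsmasq[1234]: /etc/pihole/gravity.list ads.example.net is 10.2.1.47",
    "Mar  1 12:00:04 pihole dnsmasq[1234]: config tracker.example.org is 10.2.1.47",
    "Mar  1 12:00:05 pihole sshd[999]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(route(line), "<-", line)
    print(dict(tally(SAMPLES)))
```

The PTR query lands only in the full log, and the wildcard block (the `config ... is 10.2.1.47` line) is caught by Filter D but not by Filter C.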